Open source software has become a significant component of all software development activities, intentionally and sometimes unintentionally, thanks to the wealth of available source code, its apparent free cost, and its high degree of stability and security. But while open source appears to be cost free, it is not without obligations, as it comes laden with licensing and copyright responsibilities enforceable by law. Ignorance of these obligations, or disregard for them, can lead to dire consequences for technology firms, and some of the ensuing legal cases have been well documented.
This does not mean that outsourcing or open source usage should be avoided. The cause for concern is not with the use of open source, but with the unmanaged adoption of third party code and its accompanying copyright and licensing duties. It is important for software organisations to establish appropriate intellectual property (IP) policies that determine what specific open source licenses and license terms are acceptable for a specific product and business. Managers need to validate the IP cleanliness of their products and services to make sure all legal obligations are met before they go to market.
A cost model for assuring software legal compliance is essential for CIOs. Such a model must take into account factors such as the extent of open source or other third party content in a product, the extent to which that content violates an organisation’s licensing policies, the probability of detecting a violation after a product launch, and the cost associated with fixing the problem. By considering a number of scenarios with varying project complexity and organisation size, and by introducing cost figures for correcting licensing violations during development, the model provides a glimpse of the effectiveness and the economics of automated software scanning and licensing compliance.
Third Party Software Content and IP Violations
Nowadays, it’s common to have software products consisting of thousands of software files (source code or binaries). Some of the components brought into the product may have license requirements and copyright obligations that are at variance with the corporate IP policy. For example, a corporation may be legally compelled to release the source code for a commercial product, creating a serious loss in revenue for the company. Another scenario involves modification of a software file whose license specifically forbids any tampering with the code, resulting in legal action. Some of these violations are significant enough to warrant specific copyright compliance actions or software corrections, although the determination of what constitutes a significant legal violation is ultimately for a judge to decide; and getting in front of a judge is an expensive proposition.
The level of external content in the software could be as little as 10 per cent and as high as 100 per cent if the software component of the product is completely outsourced. For an illustration of our cost model, let’s assume that only 45 per cent of the software components are open source, or otherwise of external origin. In this model we shall assume that only four per cent of all external content is in violation of the associated corporate IP policy.
If a licensing violation is detected after the software is released to the market, then costly post-release corrections are necessary. The model presented here allows for a range of non-compliance visibility in the market. Here we will assume that about 15 per cent of the violations are somehow detected and reported in the field. In other words, 85 per cent of IP policy violations remain unnoticed in the field and cause no problems (until they are discovered, of course).